"-Synchronized-Data."

CVE Team 2019-03-18 04:25:46 +00:00
parent 5b0808bfcf
commit e58fdf2b81
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4129 additions and 4129 deletions


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061004 (0-Day) PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented TCP port 42",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0090.html"
},
{
"name" : "20351",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20351"
},
{
"name" : "22266",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22266"
},
{
"name" : "soundpoint-ip301-long-url-dos(29350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061004 (0-Day) PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented TCP port 42",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0090.html"
},
{
"name": "soundpoint-ip301-long-url-dos(29350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29350"
},
{
"name": "20351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20351"
},
{
"name": "22266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22266"
}
]
}
}


@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-5750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
},
{
"name" : "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
},
{
"name" : "http://jira.jboss.com/jira/browse/ASPATCH-126",
"refsource" : "CONFIRM",
"url" : "http://jira.jboss.com/jira/browse/ASPATCH-126"
},
{
"name" : "http://jira.jboss.com/jira/browse/JBAS-3861",
"refsource" : "CONFIRM",
"url" : "http://jira.jboss.com/jira/browse/JBAS-3861"
},
{
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
},
{
"name" : "HPSBST02318",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name" : "SSRT080018",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name" : "RHSA-2006:0743",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
},
{
"name" : "SUSE-SR:2007:002",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
},
{
"name" : "21219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21219"
},
{
"name" : "ADV-2006-4724",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4724"
},
{
"name" : "ADV-2006-4726",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4726"
},
{
"name" : "ADV-2007-0554",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0554"
},
{
"name" : "ADV-2008-1155",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1155/references"
},
{
"name" : "30767",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/30767"
},
{
"name" : "1017289",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017289"
},
{
"name" : "23095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23095"
},
{
"name" : "23984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23984"
},
{
"name" : "24104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24104"
},
{
"name" : "29726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23984"
},
{
"name": "ADV-2008-1155",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1155/references"
},
{
"name": "SSRT080018",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name": "RHSA-2006:0743",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0743.html"
},
{
"name": "30767",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/30767"
},
{
"name": "21219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21219"
},
{
"name": "ADV-2006-4724",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4724"
},
{
"name": "23095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23095"
},
{
"name": "HPSBST02318",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402"
},
{
"name": "29726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29726"
},
{
"name": "20061128 Re: SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452862/100/100/threaded"
},
{
"name": "http://jira.jboss.com/jira/browse/ASPATCH-126",
"refsource": "CONFIRM",
"url": "http://jira.jboss.com/jira/browse/ASPATCH-126"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/719/3024921_f.SAL_Public.html"
},
{
"name": "1017289",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017289"
},
{
"name": "SUSE-SR:2007:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_02_sr.html"
},
{
"name": "ADV-2007-0554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0554"
},
{
"name": "ADV-2006-4726",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4726"
},
{
"name": "24104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24104"
},
{
"name": "20061127 SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452830/100/0/threaded"
},
{
"name": "http://jira.jboss.com/jira/browse/JBAS-3861",
"refsource": "CONFIRM",
"url": "http://jira.jboss.com/jira/browse/JBAS-3861"
}
]
}
}
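Review bot: The rewritten `reference_data` array in this section is emitted in no stable order, which buries the one semantic change here — `ASSIGNER` going from `cve@mitre.org` to `secalert@redhat.com` for CVE-2006-5750 — inside a full rewrite of the file. The first-printed copy groups entries by `refsource` (BUGTRAQ, CONFIRM, HP, REDHAT, …), while the second, compact-separator copy, which appears to be the new side, interleaves them (SECUNIA, VUPEN, HP, REDHAT, OSVDB, …). Anyone who tracks CNA ownership or diffs records for provenance changes has to parse both sides to find it. I would have the sync job sort `reference_data` by `refsource` then `name` before writing, and name assigner changes in the commit message, e.g. `CVE-2006-5750: ASSIGNER cve@mitre.org -> secalert@redhat.com`. The other file sections on this page show the same reordering.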


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-5917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20061108 omnistar article manager [multiples injection sql]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/451045/100/0/threaded"
},
{
"name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=10",
"refsource" : "MISC",
"url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=10"
},
{
"name" : "20990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20990"
},
{
"name" : "ADV-2006-4449",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4449"
},
{
"name" : "1017208",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1017208"
},
{
"name" : "22794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22794"
},
{
"name" : "1865",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1865"
},
{
"name" : "omnistar-article-articleid-sql-injection(30166)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in OmniStar Article Manager allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in (a) articles/comments.php and (b) articles/article.php, and the (2) page_id parameter in (c) articles/pages.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061108 omnistar article manager [multiples injection sql]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/451045/100/0/threaded"
},
{
"name": "20990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20990"
},
{
"name": "1865",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1865"
},
{
"name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=10",
"refsource": "MISC",
"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=10"
},
{
"name": "22794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22794"
},
{
"name": "1017208",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017208"
},
{
"name": "ADV-2006-4449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4449"
},
{
"name": "omnistar-article-articleid-sql-injection(30166)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30166"
}
]
}
}


@ -1,207 +1,207 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm"
},
{
"name" : "DSA-1356",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1356"
},
{
"name" : "DSA-1503",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1503"
},
{
"name" : "DSA-1504",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1504"
},
{
"name" : "MDKSA-2007:171",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name" : "MDKSA-2007:196",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name" : "MDKSA-2007:216",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name" : "RHSA-2007:0376",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2007-0376.html"
},
{
"name" : "RHSA-2007:0488",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2007-0488.html"
},
{
"name" : "SUSE-SA:2007:051",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name" : "SUSE-SA:2007:053",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name" : "USN-486-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name" : "USN-489-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name" : "USN-510-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name" : "23870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23870"
},
{
"name" : "oval:org.mitre.oval:def:10594",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594"
},
{
"name" : "ADV-2007-1703",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1703"
},
{
"name" : "25163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25163"
},
{
"name" : "25700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25700"
},
{
"name" : "25838",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25838"
},
{
"name" : "26133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26133"
},
{
"name" : "26139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26139"
},
{
"name" : "26289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26289"
},
{
"name" : "26450",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26450"
},
{
"name" : "26620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26620"
},
{
"name" : "26664",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26664"
},
{
"name" : "27227",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27227"
},
{
"name" : "29058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29058"
},
{
"name" : "kernel-pppoe-dos(34150)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.21-git8.log"
},
{
"name": "ADV-2007-1703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1703"
},
{
"name": "27227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27227"
},
{
"name": "26664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26664"
},
{
"name": "SUSE-SA:2007:051",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
},
{
"name": "SUSE-SA:2007:053",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
},
{
"name": "26289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26289"
},
{
"name": "23870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23870"
},
{
"name": "oval:org.mitre.oval:def:10594",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10594"
},
{
"name": "25838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25838"
},
{
"name": "MDKSA-2007:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:171"
},
{
"name": "USN-510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-510-1"
},
{
"name": "DSA-1504",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1504"
},
{
"name": "DSA-1356",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1356"
},
{
"name": "MDKSA-2007:216",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:216"
},
{
"name": "26620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26620"
},
{
"name": "USN-489-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-489-1"
},
{
"name": "kernel-pppoe-dos(34150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34150"
},
{
"name": "MDKSA-2007:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:196"
},
{
"name": "25163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25163"
},
{
"name": "DSA-1503",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1503"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-287.htm"
},
{
"name": "29058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29058"
},
{
"name": "RHSA-2007:0376",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2007-0376.html"
},
{
"name": "USN-486-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-486-1"
},
{
"name": "26450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26450"
},
{
"name": "25700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25700"
},
{
"name": "26139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26139"
},
{
"name": "RHSA-2007:0488",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0488.html"
},
{
"name": "26133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26133"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3909",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3909"
},
{
"name" : "23959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23959"
},
{
"name" : "ADV-2007-1798",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1798"
},
{
"name" : "37816",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37816"
},
{
"name" : "beacon-splashlang-file-include(34270)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3909"
},
{
"name": "23959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23959"
},
{
"name": "ADV-2007-1798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1798"
},
{
"name": "beacon-splashlang-file-include(34270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34270"
},
{
"name": "37816",
"refsource": "OSVDB",
"url": "http://osvdb.org/37816"
}
]
}
}


@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "3962",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3962"
},
{
"name" : "20070522 true (with errors): ol'bookmarks RFI",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-May/001623.html"
},
{
"name" : "24083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24083"
},
{
"name" : "36493",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36493"
},
{
"name" : "36494",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36494"
},
{
"name" : "36495",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36495"
},
{
"name" : "36496",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36496"
},
{
"name" : "36497",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36497"
},
{
"name" : "36498",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36498"
},
{
"name" : "36499",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36499"
},
{
"name" : "36500",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36500"
},
{
"name" : "36501",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36501"
},
{
"name" : "36502",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36502"
},
{
"name" : "36503",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36503"
},
{
"name" : "36504",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36504"
},
{
"name" : "ADV-2007-1893",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1893"
},
{
"name" : "25356",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25356"
},
{
"name" : "olbookmarks-root-file-include(34402)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36502",
"refsource": "OSVDB",
"url": "http://osvdb.org/36502"
},
{
"name": "36503",
"refsource": "OSVDB",
"url": "http://osvdb.org/36503"
},
{
"name": "36495",
"refsource": "OSVDB",
"url": "http://osvdb.org/36495"
},
{
"name": "36499",
"refsource": "OSVDB",
"url": "http://osvdb.org/36499"
},
{
"name": "36494",
"refsource": "OSVDB",
"url": "http://osvdb.org/36494"
},
{
"name": "36498",
"refsource": "OSVDB",
"url": "http://osvdb.org/36498"
},
{
"name": "ADV-2007-1893",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1893"
},
{
"name": "20070522 true (with errors): ol'bookmarks RFI",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-May/001623.html"
},
{
"name": "3962",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3962"
},
{
"name": "25356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25356"
},
{
"name": "36501",
"refsource": "OSVDB",
"url": "http://osvdb.org/36501"
},
{
"name": "36504",
"refsource": "OSVDB",
"url": "http://osvdb.org/36504"
},
{
"name": "36493",
"refsource": "OSVDB",
"url": "http://osvdb.org/36493"
},
{
"name": "olbookmarks-root-file-include(34402)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34402"
},
{
"name": "36497",
"refsource": "OSVDB",
"url": "http://osvdb.org/36497"
},
{
"name": "36500",
"refsource": "OSVDB",
"url": "http://osvdb.org/36500"
},
{
"name": "24083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24083"
},
{
"name": "36496",
"refsource": "OSVDB",
"url": "http://osvdb.org/36496"
}
]
}
}
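Review bot: The file list in the `description` value for CVE-2007-2816 skips item (6): it runs `(5) frames1_top.php, (7) test2.php` and ends at `(13) frames1_center.php`, so only twelve files are named. The text is identical in both printed copies, so this sync carries the gap forward rather than introducing it. The record lists twelve OSVDB ids (36493 through 36504), which hints at misnumbering rather than a dropped file, but that cannot be confirmed from this page. I would check the cited VIM and EXPLOIT-DB references and then either restore the missing name or renumber the tail to `(6) test2.php` … `(12) frames1_center.php`, since tooling that counts affected paths from the description will otherwise be off by one.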


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-2880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070525 Multiple XSS in Digirez",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/469589/100/0/threaded"
},
{
"name" : "ADV-2007-1960",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1960"
},
{
"name" : "36482",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36482"
},
{
"name" : "36483",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/36483"
},
{
"name" : "25422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25422"
},
{
"name" : "2738",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/2738"
},
{
"name" : "digirez-week-infobook-xss(34511)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34511"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36483",
"refsource": "OSVDB",
"url": "http://osvdb.org/36483"
},
{
"name": "2738",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2738"
},
{
"name": "digirez-week-infobook-xss(34511)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34511"
},
{
"name": "25422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25422"
},
{
"name": "ADV-2007-1960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1960"
},
{
"name": "20070525 Multiple XSS in Digirez",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/469589/100/0/threaded"
},
{
"name": "36482",
"refsource": "OSVDB",
"url": "http://osvdb.org/36482"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4060",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4060"
},
{
"name" : "24440",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24440"
},
{
"name" : "ADV-2007-2167",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2167"
},
{
"name" : "37240",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37240"
},
{
"name" : "25643",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25643"
},
{
"name" : "tbarcode-saveimage-command-execution(34826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25643",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25643"
},
{
"name": "tbarcode-saveimage-command-execution(34826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34826"
},
{
"name": "24440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24440"
},
{
"name": "4060",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4060"
},
{
"name": "ADV-2007-2167",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2167"
},
{
"name": "37240",
"refsource": "OSVDB",
"url": "http://osvdb.org/37240"
}
]
}
}


@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-3392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070814 WireShark MMS Remote Denial of Service vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/476468/100/0/threaded"
},
{
"name" : "http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582",
"refsource" : "CONFIRM",
"url" : "http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2007-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2007-02.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1498",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1498"
},
{
"name" : "DSA-1322",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1322"
},
{
"name" : "GLSA-200708-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200708-12.xml"
},
{
"name" : "MDKSA-2007:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:145"
},
{
"name" : "RHSA-2007:0710",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0710.html"
},
{
"name" : "RHSA-2007:0709",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0709.html"
},
{
"name" : "RHSA-2008:0059",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0059.html"
},
{
"name" : "SUSE-SR:2007:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name" : "24662",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24662"
},
{
"name" : "oval:org.mitre.oval:def:10663",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10663"
},
{
"name" : "ADV-2007-2353",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2353"
},
{
"name" : "1018315",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1018315"
},
{
"name" : "25877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25877"
},
{
"name" : "26004",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26004"
},
{
"name" : "25833",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25833"
},
{
"name" : "25987",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25987"
},
{
"name" : "26499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26499"
},
{
"name" : "28583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28583"
},
{
"name" : "wireshark-sslmms-dos(35203)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25833"
},
{
"name": "oval:org.mitre.oval:def:10663",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10663"
},
{
"name": "25877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25877"
},
{
"name": "RHSA-2008:0059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0059.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2007-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2007-02.html"
},
{
"name": "RHSA-2007:0710",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0710.html"
},
{
"name": "26499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26499"
},
{
"name": "25987",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25987"
},
{
"name": "26004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26004"
},
{
"name": "GLSA-200708-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-12.xml"
},
{
"name": "RHSA-2007:0709",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0709.html"
},
{
"name": "MDKSA-2007:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:145"
},
{
"name": "1018315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018315"
},
{
"name": "https://issues.rpath.com/browse/RPL-1498",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1498"
},
{
"name": "24662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24662"
},
{
"name": "28583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28583"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-0.99.6.html"
},
{
"name": "ADV-2007-2353",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2353"
},
{
"name": "20070814 WireShark MMS Remote Denial of Service vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476468/100/0/threaded"
},
{
"name": "DSA-1322",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1322"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"name": "http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582",
"refsource": "CONFIRM",
"url": "http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582"
},
{
"name": "wireshark-sslmms-dos(35203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35203"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20071206 HackerSafe Labs - Security Advisory - Xigla Absolute Banner Manager v4.0",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058896.html"
},
{
"name" : "26754",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26754"
},
{
"name" : "27958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27958"
},
{
"name" : "absolutebannermanager-abm-sql-injection(38921)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27958"
},
{
"name": "20071206 HackerSafe Labs - Security Advisory - Xigla Absolute Banner Manager v4.0",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058896.html"
},
{
"name": "absolutebannermanager-abm-sql-injection(38921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38921"
},
{
"name": "26754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26754"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-6298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/198163",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/198163"
},
{
"name" : "26736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26736"
},
{
"name" : "39053",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39053"
},
{
"name" : "27953",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27953"
},
{
"name" : "drupal-shoutbox-unspecified-xss(38885)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/38885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27953",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27953"
},
{
"name": "39053",
"refsource": "OSVDB",
"url": "http://osvdb.org/39053"
},
{
"name": "drupal-shoutbox-unspecified-xss(38885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38885"
},
{
"name": "26736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26736"
},
{
"name": "http://drupal.org/node/198163",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/198163"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-0435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=570528",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=570528"
},
{
"name" : "RHSA-2010:0622",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0622.html"
},
{
"name" : "RHSA-2010:0627",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0627.html"
},
{
"name" : "SUSE-SA:2011:001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name" : "42778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42778"
},
{
"name" : "ADV-2011-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, and KVM 83, when the Intel VT-x extension is enabled, allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via vectors related to instruction emulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0627",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0627.html"
},
{
"name": "42778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42778"
},
{
"name": "RHSA-2010:0622",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2010-0622.html"
},
{
"name": "SUSE-SA:2011:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=570528",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570528"
},
{
"name": "ADV-2011-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0012"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to \"persistent login,\" probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196",
"refsource" : "MISC",
"url" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196"
},
{
"name" : "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases",
"refsource" : "CONFIRM",
"url" : "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases"
},
{
"name" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196",
"refsource" : "CONFIRM",
"url" : "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196"
},
{
"name" : "38608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38608"
},
{
"name" : "62801",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/62801"
},
{
"name" : "38882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38882"
},
{
"name" : "tikiwiki-standardmethod-unspecified(56771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to \"persistent login,\" probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196",
"refsource": "CONFIRM",
"url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196"
},
{
"name": "38608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38608"
},
{
"name": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases",
"refsource": "CONFIRM",
"url": "http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases"
},
{
"name": "62801",
"refsource": "OSVDB",
"url": "http://osvdb.org/62801"
},
{
"name": "tikiwiki-standardmethod-unspecified(56771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56771"
},
{
"name": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196",
"refsource": "MISC",
"url": "http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196"
},
{
"name": "38882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38882"
}
]
}
}


@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100411 CVE request: irssi 0.8.15",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127098845125270&w=2"
},
{
"name" : "[oss-security] 20100412 Re: CVE request: irssi 0.8.15",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127110132019166&w=2"
},
{
"name" : "[oss-security] 20100412 Re: CVE request: irssi 0.8.15",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127111071631857&w=2"
},
{
"name" : "[oss-security] 20100413 Re: CVE request: irssi 0.8.15",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127119240204394&w=2"
},
{
"name" : "[oss-security] 20100413 Re: CVE request: irssi 0.8.15",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=127115784314970&w=2"
},
{
"name" : "http://irssi.org/news",
"refsource" : "CONFIRM",
"url" : "http://irssi.org/news"
},
{
"name" : "http://irssi.org/news/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://irssi.org/news/ChangeLog"
},
{
"name" : "http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126",
"refsource" : "CONFIRM",
"url" : "http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126"
},
{
"name" : "FEDORA-2010-6629",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"
},
{
"name" : "SSA:2010-116-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "USN-929-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-929-1"
},
{
"name" : "1023845",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023845"
},
{
"name" : "39365",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39365"
},
{
"name" : "39620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39620"
},
{
"name" : "39797",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39797"
},
{
"name" : "ADV-2010-0856",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0856"
},
{
"name" : "ADV-2010-0987",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0987"
},
{
"name" : "ADV-2010-1110",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1110"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name" : "irssi-unspecified-dos(57791)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100412 Re: CVE request: irssi 0.8.15",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127110132019166&w=2"
},
{
"name": "ADV-2010-0856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0856"
},
{
"name": "ADV-2010-1110",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1110"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "ADV-2010-0987",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0987"
},
{
"name": "[oss-security] 20100412 Re: CVE request: irssi 0.8.15",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127111071631857&w=2"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "[oss-security] 20100413 Re: CVE request: irssi 0.8.15",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127119240204394&w=2"
},
{
"name": "irssi-unspecified-dos(57791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57791"
},
{
"name": "39620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39620"
},
{
"name": "http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126",
"refsource": "CONFIRM",
"url": "http://svn.irssi.org/cgi-bin/viewvc.cgi/irssi/trunk/src/core/nicklist.c?root=irssi&r1=4922&r2=5126"
},
{
"name": "39365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39365"
},
{
"name": "USN-929-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-929-1"
},
{
"name": "http://irssi.org/news",
"refsource": "CONFIRM",
"url": "http://irssi.org/news"
},
{
"name": "[oss-security] 20100411 CVE request: irssi 0.8.15",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127098845125270&w=2"
},
{
"name": "[oss-security] 20100413 Re: CVE request: irssi 0.8.15",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=127115784314970&w=2"
},
{
"name": "1023845",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023845"
},
{
"name": "SSA:2010-116-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.497301"
},
{
"name": "FEDORA-2010-6629",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html"
},
{
"name": "http://irssi.org/news/ChangeLog",
"refsource": "CONFIRM",
"url": "http://irssi.org/news/ChangeLog"
},
{
"name": "39797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39797"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-1811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4334",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4334"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2010-09-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "appleios-tiff-code-exec(61696)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "appleios-tiff-code-exec(61696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5108",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5108",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2010-5185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://personalfirewall.comodo.com/release_notes.html",
"refsource" : "CONFIRM",
"url" : "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Antivirus component in Comodo Internet Security before 5.3.174622.1216 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://personalfirewall.comodo.com/release_notes.html",
"refsource": "CONFIRM",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"name" : "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2014/Mar/30"
},
{
"name" : "[cordova-dev] 20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource" : "MLIST",
"url" : "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw@mail.gmail.com%3E"
},
{
"name" : "http://d3adend.org/blog/?p=403",
"refsource" : "MISC",
"url" : "http://d3adend.org/blog/?p=403"
},
{
"name" : "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55",
"refsource" : "CONFIRM",
"url" : "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"name" : "65959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65959"
},
{
"name" : "apache-cordova-cve20140073-priv-esc(91560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531334/100/0/threaded"
},
{
"name": "65959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65959"
},
{
"name": "http://d3adend.org/blog/?p=403",
"refsource": "MISC",
"url": "http://d3adend.org/blog/?p=403"
},
{
"name": "[cordova-dev] 20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/cordova-dev/201403.mbox/%3CCAK_TSXLGJag5Q9ATUCbFtkWvMWX9XnC80kKp-HKi25gPcvV4gw@mail.gmail.com%3E"
},
{
"name": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55",
"refsource": "CONFIRM",
"url": "https://github.com/apache/cordova-plugin-inappbrowser/commit/26702cb0720c5c394b407c23570136c53171fa55"
},
{
"name": "apache-cordova-cve20140073-priv-esc(91560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91560"
},
{
"name": "20140304 [CVE-2014-0073] Apache Cordova In-App-Browser privilege escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Mar/30"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-0370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2014-0370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64837"
},
{
"name" : "102108",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102108"
},
{
"name" : "1029622",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029622"
},
{
"name" : "56481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Clinical Trip Report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029622",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029622"
},
{
"name": "56481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56481"
},
{
"name": "102108",
"refsource": "OSVDB",
"url": "http://osvdb.org/102108"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "64837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64837"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-1346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT6254",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT6254"
},
{
"name" : "APPLE-SA-2014-05-21-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"name" : "APPLE-SA-2014-06-30-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name" : "67554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67554"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT6254",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT6254"
},
{
"name": "APPLE-SA-2014-06-30-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html"
},
{
"name": "APPLE-SA-2014-05-21-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html"
},
{
"name": "67554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67554"
}
]
}
}


@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140110 CVE Request: python-jinja2: arbitrary code execution vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/01/10/2"
},
{
"name" : "[oss-security] 20140110 Re: CVE Request: python-jinja2: arbitrary code execution vulnerability",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/01/10/3"
},
{
"name" : "[El-errata] 20140611 Oracle Linux Security Advisory ELSA-2014-0747",
"refsource" : "MLIST",
"url" : "https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0028.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0028.html"
},
{
"name" : "http://jinja.pocoo.org/docs/changelog/",
"refsource" : "CONFIRM",
"url" : "http://jinja.pocoo.org/docs/changelog/"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051421",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
},
{
"name" : "GLSA-201408-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml"
},
{
"name" : "MDVSA-2014:096",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:096"
},
{
"name" : "RHSA-2014:0747",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0747.html"
},
{
"name" : "RHSA-2014:0748",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0748.html"
},
{
"name" : "58918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58918"
},
{
"name" : "59017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59017"
},
{
"name" : "60770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60770"
},
{
"name" : "56287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56287"
},
{
"name" : "60738",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60738"
},
{
"name" : "58783",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58783"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[El-errata] 20140611 Oracle Linux Security Advisory ELSA-2014-0747",
"refsource": "MLIST",
"url": "https://oss.oracle.com/pipermail/el-errata/2014-June/004192.html"
},
{
"name": "[oss-security] 20140110 Re: CVE Request: python-jinja2: arbitrary code execution vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/10/3"
},
{
"name": "59017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59017"
},
{
"name": "56287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56287"
},
{
"name": "MDVSA-2014:096",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:096"
},
{
"name": "58783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58783"
},
{
"name": "58918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58918"
},
{
"name": "60738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60738"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051421"
},
{
"name": "60770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60770"
},
{
"name": "RHSA-2014:0747",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0747.html"
},
{
"name": "http://jinja.pocoo.org/docs/changelog/",
"refsource": "CONFIRM",
"url": "http://jinja.pocoo.org/docs/changelog/"
},
{
"name": "GLSA-201408-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-13.xml"
},
{
"name": "[oss-security] 20140110 CVE Request: python-jinja2: arbitrary code execution vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/10/2"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0028.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0028.html"
},
{
"name": "RHSA-2014:0748",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0748.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1614",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1614",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1627",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1627",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2014-1708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=344051",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=344051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=344051",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=344051"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-1866",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1866",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html"
},
{
"name" : "trixbox-userhelphtmlindex-xss(94719)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trixbox-userhelphtmlindex-xss(94719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94719"
},
{
"name": "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-5356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140821 [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/08/21/6"
},
{
"name" : "https://bugs.launchpad.net/glance/+bug/1315321",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/glance/+bug/1315321"
},
{
"name" : "RHSA-2014:1337",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
},
{
"name" : "RHSA-2014:1338",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
},
{
"name" : "RHSA-2014:1685",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
},
{
"name" : "USN-2322-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2322-1"
},
{
"name" : "60743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60743"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140821 [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/21/6"
},
{
"name": "USN-2322-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2322-1"
},
{
"name": "RHSA-2014:1337",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1337.html"
},
{
"name": "RHSA-2014:1685",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1685.html"
},
{
"name": "60743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60743"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1315321",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/glance/+bug/1315321"
},
{
"name": "RHSA-2014:1338",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1338.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-2804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
},
{
"name" : "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jun/22"
},
{
"name" : "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
},
{
"name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id",
"refsource" : "MISC",
"url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
},
{
"name" : "75125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
},
{
"name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jun/22"
},
{
"name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
},
{
"name": "75125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75125"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170120 Re: CVE Request: two flaws in hesiod permitting privilege elevation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/01/21/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1332508",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1332508"
},
{
"name" : "https://github.com/achernya/hesiod/pull/9",
"refsource" : "CONFIRM",
"url" : "https://github.com/achernya/hesiod/pull/9"
},
{
"name" : "GLSA-201805-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-01"
},
{
"name" : "90952",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/90952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/achernya/hesiod/pull/9",
"refsource": "CONFIRM",
"url": "https://github.com/achernya/hesiod/pull/9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1332508",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1332508"
},
{
"name": "90952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90952"
},
{
"name": "[oss-security] 20170120 Re: CVE Request: two flaws in hesiod permitting privilege elevation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/21/1"
},
{
"name": "GLSA-201805-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-01"
}
]
}
}
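Review bot: The description value on the new side still ends with `leveraging certain SUID/SGUID binary`; "SGUID" is not a standard term and presumably set-group-ID is meant, so `leveraging a certain SUID/SGID binary` would read correctly. The distinction matters when triaging exposure, because the flaw as described is a check that compares EUID with UID, and a comparison of user IDs alone would not notice a binary that is privileged only through its group ID. `problemtype` also stays `n/a`, so the weakness class is recoverable only from the free-text description.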


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2016-10479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, SD 820"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variable message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overflow vulnerability in QMI Proxy"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2016-10479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, SD 820"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variable message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in QMI Proxy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}
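Review bot: The single `version_value` under `version_data` packs thirteen comma-separated chipset identifiers into one string, including shorthand such as `SD 615/16/SD 415` and `SD 650/52`, so a consumer cannot match an affected part without parsing free text. One `version_data` entry per chipset, for example `{ "version_value": "MDM9607" }`, would make the affected list machine-readable. The `problemtype` value `Buffer overflow vulnerability in QMI Proxy` is likewise free text with no CWE identifier, which limits filtering by weakness class.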


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2016-10646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "resourcehacker node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Encryption of Sensitive Data (CWE-311)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "resourcehacker node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/254",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Encryption of Sensitive Data (CWE-311)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/254",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/254"
}
]
}
}
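Review bot: `vendor_name` on the new side is still `HackerOne`, which matches the `ASSIGNER` address (`support@hackerone.com`) rather than whoever maintains the resourcehacker module, so vendor/product matching against this record would attribute the package to the reporting CNA. Unless HackerOne really is the publisher, `"vendor_name": "n/a"` or the actual maintainer's name would be less misleading. The problemtype `Missing Encryption of Sensitive Data (CWE-311)` also fits the description only loosely: what is described is an executable fetched over HTTP, apparently with nothing verifying it, which is closer to CWE-494 (Download of Code Without Integrity Check). With `version_value` set to `All versions` the record names no fixed release, so the practical mitigation is to stop using the module or to obtain and verify the binary independently.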


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2016-3045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "9.0"
},
{
"version_value" : "9.0.0.1"
},
{
"version_value" : "9.0.1"
},
{
"version_value" : "7.0.0"
},
{
"version_value" : "8.0.0"
},
{
"version_value" : "8.0.0.1"
},
{
"version_value" : "8.0.0.2"
},
{
"version_value" : "8.0.0.3"
},
{
"version_value" : "8.0.0.4"
},
{
"version_value" : "8.0.0.5"
},
{
"version_value" : "8.0.1"
},
{
"version_value" : "8.0.1.2"
},
{
"version_value" : "8.0.1.3"
},
{
"version_value" : "8.0.1.4"
},
{
"version_value" : "9.0.0"
},
{
"version_value" : "9.0.1.0"
}
]
}
}
]
},
"vendor_name" : "IBM Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-3045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Manager",
"version": {
"version_data": [
{
"version_value": "9.0"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.1"
},
{
"version_value": "7.0.0"
},
{
"version_value": "8.0.0"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "9.0.0"
},
{
"version_value": "9.0.1.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21995435",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"name" : "95103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21995435",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21995435"
},
{
"name": "95103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95103"
}
]
}
}
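Review bot: The `version_data` list names `9.0` and `9.0.0`, and `9.0.1` and `9.0.1.0`, as separate entries and is in no particular order (`7.0.0` sits between `9.0.1` and `8.0.0`), so exact-string matching against an installed version can easily miss an affected install. Whether those pairs are distinct releases cannot be told from this record; if they are not, one normalised form per release would be safer. `product_name` is `Access Manager` while the description says `IBM Security Access Manager for Web`, which is another place where automated product matching may fail.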


@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-3138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1316204",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name" : "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name" : "DSA-3607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3607"
},
{
"name" : "SUSE-SU-2016:1672",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name" : "SUSE-SU-2016:1690",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name" : "SUSE-SU-2016:1696",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name" : "SUSE-SU-2016:1707",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name" : "SUSE-SU-2016:1764",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "openSUSE-SU-2016:1382",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name" : "USN-2996-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name" : "USN-2997-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name" : "USN-2968-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name" : "USN-2968-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name" : "USN-2969-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name" : "USN-2970-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name" : "USN-2971-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name" : "USN-2971-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name" : "USN-2971-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2971-3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2971-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-2"
},
{
"name": "SUSE-SU-2016:1690",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
},
{
"name": "SUSE-SU-2016:1696",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
},
{
"name": "USN-2970-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2970-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "USN-2969-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2969-1"
},
{
"name": "USN-2968-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-1"
},
{
"name": "USN-2971-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-3"
},
{
"name": "USN-2997-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2997-1"
},
{
"name": "SUSE-SU-2016:1764",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
},
{
"name": "DSA-3607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"name": "USN-2971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2971-1"
},
{
"name": "[oss-security] 20160314 Re: CVE request -- linux kernel: crash on invalid USB device descriptors (cdc_acm driver)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/14/4"
},
{
"name": "SUSE-SU-2016:1707",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
},
{
"name": "USN-2996-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2996-1"
},
{
"name": "SUSE-SU-2016:1672",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
},
{
"name": "USN-2968-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2968-2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1316204"
},
{
"name": "openSUSE-SU-2016:1382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/8835ba4a39cf53f705417b3b3a94eb067673f2c9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.1"
}
]
}
}
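Review bot: The only data change in this section appears to be `ASSIGNER` moving from `cve@mitre.org` to `security@suse.com`, and it is hard to spot because every line is also rewritten from `"key" : value` to `"key": value` and `reference_data` is reshuffled into an order that is neither the old one nor sorted by `refsource` or `name`. The same applies to the sections for CVE-2016-3500 (`secalert_us@oracle.com`), CVE-2016-3930 (`security@android.com`) and CVE-2016-4526 (`ics-cert@hq.dhs.gov`). Since `ASSIGNER` is the field consumers use to judge where a record came from, a provenance change deserves its own commit, with the whitespace normalisation and a deterministic reference order done separately. `vendor_name`, `product_name` and `version_value` all stay `n/a` even though the description names the Linux kernel before 4.5.1, so the affected range remains available only as free text.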


@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2016-3500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10166",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10166"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name" : "DSA-3641",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3641"
},
{
"name" : "GLSA-201610-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201610-08"
},
{
"name" : "GLSA-201701-43",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-43"
},
{
"name" : "RHSA-2016:1458",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name" : "RHSA-2016:1475",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name" : "RHSA-2016:1476",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1476"
},
{
"name" : "RHSA-2016:1477",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1477"
},
{
"name" : "RHSA-2016:1504",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
},
{
"name" : "RHSA-2016:1776",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1776.html"
},
{
"name" : "SUSE-SU-2016:1997",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name" : "SUSE-SU-2016:2012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name" : "openSUSE-SU-2016:1979",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name" : "openSUSE-SU-2016:2050",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name" : "openSUSE-SU-2016:2051",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name" : "openSUSE-SU-2016:2052",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name" : "openSUSE-SU-2016:2058",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name" : "USN-3077-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3077-1"
},
{
"name" : "USN-3043-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name" : "USN-3062-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "1036365",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3043-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3043-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "GLSA-201610-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-08"
},
{
"name": "SUSE-SU-2016:2012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html"
},
{
"name": "openSUSE-SU-2016:2052",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00034.html"
},
{
"name": "DSA-3641",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3641"
},
{
"name": "https://security.netapp.com/advisory/ntap-20160721-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160721-0001/"
},
{
"name": "RHSA-2016:1475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1475"
},
{
"name": "openSUSE-SU-2016:2051",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html"
},
{
"name": "1036365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036365"
},
{
"name": "GLSA-201701-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-43"
},
{
"name": "RHSA-2016:1477",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1477"
},
{
"name": "USN-3062-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3062-1"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1476"
},
{
"name": "SUSE-SU-2016:1997",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00011.html"
},
{
"name": "RHSA-2016:1458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1458"
},
{
"name": "openSUSE-SU-2016:2050",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00032.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10166",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10166"
},
{
"name": "openSUSE-SU-2016:1979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html"
},
{
"name": "USN-3077-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3077-1"
},
{
"name": "RHSA-2016:1776",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1776.html"
},
{
"name": "openSUSE-SU-2016:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00035.html"
},
{
"name": "RHSA-2016:1504",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1504.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-3930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-3930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource" : "CONFIRM",
"url" : "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "93306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.android.com/security/bulletin/2016-10-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-10-01.html"
},
{
"name": "93306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93306"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-4526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02"
},
{
"name" : "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9ADB005557_ABB_SoftwareVulnerabilityHandlingAdvisory_DMPro.pdf",
"refsource" : "CONFIRM",
"url" : "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9ADB005557_ABB_SoftwareVulnerabilityHandlingAdvisory_DMPro.pdf"
},
{
"name" : "92980",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/92980"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9ADB005557_ABB_SoftwareVulnerabilityHandlingAdvisory_DMPro.pdf",
"refsource": "CONFIRM",
"url": "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9ADB005557_ABB_SoftwareVulnerabilityHandlingAdvisory_DMPro.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-259-02"
},
{
"name": "92980",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92980"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8428",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "95231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31993456. References: N-CVE-2016-8428."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95231"
},
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-8487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2016-8487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96737"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "96737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96737"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2016-8666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161013 CVE Request: another recursion in GRE",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/10/13/11"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
},
{
"name" : "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa134",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name" : "RHSA-2017:0004",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
},
{
"name" : "RHSA-2016:2047",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"name" : "RHSA-2016:2107",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name" : "RHSA-2016:2110",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name" : "RHSA-2017:0372",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"name" : "93562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2107",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
},
{
"name": "RHSA-2017:0372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0372"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa134",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa134"
},
{
"name": "93562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93562"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2016:2047",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
},
{
"name": "RHSA-2016:2110",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
},
{
"name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
},
{
"name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
},
{
"name": "RHSA-2017:0004",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-8877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a \"corrupted suffix pattern\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-8877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "93608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a \"corrupted suffix pattern\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93608"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://moinmo.in/SecurityFixes",
"refsource" : "CONFIRM",
"url" : "https://moinmo.in/SecurityFixes"
},
{
"name" : "DSA-3715",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3715"
},
{
"name" : "USN-3137-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name" : "94501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9229",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9229",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
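Review bot: The new side of this record orders its keys differently from the other records in this commit: `data_type`, `data_format` and `data_version` come first, and `CVE_data_meta` lists `ID` before `ASSIGNER`, while the other files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. JSON key order carries no meaning, but a stable order keeps later sync diffs small and matters if records are ever hashed or signed. I would emit `"CVE_data_meta": { "ASSIGNER": …, "ID": …, "STATE": … }` ahead of `data_format` here as well. The CVE-2016-9330 record in the next section has the same ordering.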


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9330",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-9330",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/11/18/3"
},
{
"name" : "https://github.com/tats/w3m/blob/master/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"name" : "https://github.com/tats/w3m/issues/22",
"refsource" : "CONFIRM",
"url" : "https://github.com/tats/w3m/issues/22"
},
{
"name" : "GLSA-201701-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-08"
},
{
"name" : "94407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201701-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-08"
},
{
"name": "https://github.com/tats/w3m/blob/master/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/tats/w3m/blob/master/ChangeLog"
},
{
"name": "https://github.com/tats/w3m/issues/22",
"refsource": "CONFIRM",
"url": "https://github.com/tats/w3m/issues/22"
},
{
"name": "94407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94407"
},
{
"name": "[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/3"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-9834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the \"LiveConnectionDetail.jsp\" application. GET parameters \"applicationname\" and \"username\" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/bugtraq/2017/Jun/4",
"refsource" : "MISC",
"url" : "http://seclists.org/bugtraq/2017/Jun/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the \"LiveConnectionDetail.jsp\" application. GET parameters \"applicationname\" and \"username\" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/bugtraq/2017/Jun/4",
"refsource": "MISC",
"url": "http://seclists.org/bugtraq/2017/Jun/4"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "106579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106579"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2601",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2601",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2950",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2950",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-2961",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-2961",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6106",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6106",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-03-05T00:00:00",
"ID" : "CVE-2019-6524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa IKS, EDS",
"version" : {
"version_data" : [
{
"version_value" : "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper restriction of excessive authentication attempts CWE-307"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-03-05T00:00:00",
"ID": "CVE-2019-6524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa IKS, EDS",
"version": {
"version_data": [
{
"version_value": "IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
},
{
"name" : "107178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of excessive authentication attempts CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01"
},
{
"name": "107178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107178"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6655",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6655",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-6811",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6811",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-7952",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7952",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}